Google Cloud Platform adds new security service to protect against DDoS attacks

0
2
Cloud computing security concept with safe vault dial. Clipping path available.

A new security service from Google Cloud Platform (GCP) will use load balancing to protect GCP customers against distributed denial of service (DDoS) attacks, according to a Wednesday blog post from Google.

The service,called Cloud Armor, uses the same global HTTP(S) load balancing found in products like Search and YouTube, the post said. Users only need to configure load balancing for the service to be activated.

“Cloud Armor works with Cloud HTTP(S) Load Balancing, provides IPv4 and IPv6 whitelisting/blacklisting, defends against application-aware attacks such as cross-site scripting (XSS) and SQL injection (SQLi), and delivers geography-based access control,” the post said.

Users can create custom defenses with Layer 3 to Layer 7 parameters, the post said. And Cloud Armor will give a breakdown of blocked and allowed traffic as it goes.

 Another new security feature in GCP is VPC Service Controls, which protect the data stored in the API-based services in GCP, the post said. For services like Google Cloud Storage and BigQuery, this can protect against exfiltration if identities are stolen, IAM policies are misconfigured, and more. This could go a long way to making business leaders more comfortable with moving their data to the cloud.

Speaking of APIs, the Cloud Data Loss Prevention (DLP) API is now generally available. This allows users to better label, manage, and redact certain pieces of sensitive information, the post said.

Google also unveiled the Cloud Security Command Center (Cloud SCC), a new service in alpha that will provide an “inventory of your cloud assets, scan storage systems for sensitive data, detect common web vulnerabilities and review access rights to your critical resources,” the post said. This will bring more security transparency to services like App Engine, Compute Engine, Cloud Storage, and Cloud Datastore.